Medium severity6.5NVD Advisory· Published May 19, 2026· Updated May 20, 2026
CVE-2026-8706
CVE-2026-8706
Description
Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<151.0+ 1 more
- (no CPE)range: <151.0
- (no CPE)range: <151.0
Patches
Vulnerability mechanics
References
2- www.mozilla.org/security/advisories/mfsa2026-49/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdPermissions Required
News mentions
0No linked articles in our index yet.